CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-64641 | Mattermost Jira plugin crafted action leaks Jira issue details — Mattermost | 4.1 | Medium | 2025-12-24 |
| CVE-2025-13767 | Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin — Mattermost | 4.3 | Medium | 2025-12-24 |
| CVE-2025-58052 | Galette has groups managers access control bypass on Members — galette | 6.5 AI | Medium AI | 2025-12-19 |
| CVE-2025-53922 | Galette has access control bypass — galette | 2.7 AI | Low AI | 2025-12-19 |
| CVE-2025-68422 | Kibana Improper Authorization — Kibana | 4.3 | Medium | 2025-12-18 |
| CVE-2025-68386 | Kibana Improper Authorization — Kibana | 4.3 | Medium | 2025-12-18 |
| CVE-2025-14318 | Improper access validation in M-Files Server — M-Files Server | 6.5 AI | Medium AI | 2025-12-18 |
| CVE-2025-47382 | Incorrect Authorization in Boot — Snapdragon | 7.8 | High | 2025-12-18 |
| CVE-2025-68129 | Auth0-PHP SDK has Improper Audience Validation — auth0-PHP | 6.8 | Medium | 2025-12-17 |
| CVE-2025-14081 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Profile Privacy Setting Bypass — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 4.3 | Medium | 2025-12-17 |
| CVE-2025-13324 | Lack of Invalidation of Legacy Remote Cluster Invite Tokens After Confirmation — Mattermost | 3.7 | Low | 2025-12-17 |
| CVE-2025-14305 | Acer\|ListCheck.exe - Local Privilege Escalation — ListCheck.exe | 7.8 | High | 2025-12-17 |
| CVE-2025-67740 | JetBrains TeamCity security vulnerability — TeamCity | 2.7 | Low | 2025-12-11 |
| CVE-2025-67490 | Auth0 Next.js SDK has Improper Request Caching Lookup — nextjs-auth0 | 5.4 | Medium | 2025-12-10 |
| CVE-2025-9056 | Tecno AudioLink security vulnerability — com.transsion.audiosmartconnect | 7.1 AI | High AI | 2025-12-10 |
| CVE-2025-54838 | Fortinet FortiPortal security vulnerability — FortiPortal | 6.4 | Medium | 2025-12-09 |
| CVE-2025-40819 | Siemens SINEMA Remote Connect Server security vulnerability — SINEMA Remote Connect Server | 4.3 | Medium | 2025-12-09 |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic — lms | 8.8 | - | 2025-12-05 |
| CVE-2025-66406 | Improper Authorization Check for SSH Certificate Revocation — certificates | 5.0 | Medium | 2025-12-03 |
| CVE-2025-20381 | SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool — Splunk MCP Server | 5.4 | Medium | 2025-12-03 |
| CVE-2024-32643 | Masa CMS vulnerable to authentication bypass with /tag/ — MasaCMS | 7.5 | High | 2025-12-03 |
| CVE-2025-12756 | Insecure Direct Object Reference in Mattermost Boards Plugin Enables Unauthorised Comment Deletion — Mattermost | 4.3 | Medium | 2025-12-01 |
| CVE-2025-13829 | Data Illusion Zumbrunn NGSurvey security vulnerability — NGSurvey | 6.5 AI | Medium AI | 2025-12-01 |
| CVE-2025-66433 | HTCondor Access Point security vulnerability — HTCondor | 4.2 | Medium | 2025-11-30 |
| CVE-2025-66423 | Tryton trytond security vulnerability — trytond | 7.1 | High | 2025-11-30 |
| CVE-2025-66424 | Tryton trytond security vulnerability — trytond | 6.5 | Medium | 2025-11-30 |
| CVE-2025-12971 | Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation — Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | 4.3 | Medium | 2025-11-27 |
| CVE-2024-5539 | ALC WebCTRL Carrier i-Vu Access Control Bypass — WebCTRL | 7.5 | - | 2025-11-27 |
| CVE-2025-66360 | Logpoint SIEM security vulnerability — SIEM | 7.2 | - | 2025-11-27 |
| CVE-2025-13432 | Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access — Terraform Enterprise | 4.3 | Medium | 2025-11-21 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.